I am trying to build an application that leverages our Splunk Enterprise
setup using Python. I want to get a list of all saved searches (reports),
then get a list of the results of those searches. When I connect to Splunk
via the API and query for saved searches it only returns searches owned by
"nobody", but when I view the searches in the Web UI I see all the searches
saved by everybody.
How can I view the searches saved by everybody, or even a specific user?
Here is a very basic version of what I'm trying to do:
import splunklib.client as client
import splunklib.results as results
CONNECT_DICT = {
'username': removed,
'password': removed,
'host': removed,
'port': removed
}
service = client.connect(**CONNECT_DICT)
saved_searches = service.saved_searches
for saved_search in saved_searches:
print "%s: %s" % (saved_search.name, saved_search['search'])
Thanks for any info.
By default the API returns the saved searches present in current namespace. See this link http://dev.splunk.com/view/python-sdk/SP-CAAAEK2#listsaved the section "To list saved searches" will help you to retrieve what you need. You should create a separate service class.
for overview on namespaces read this. http://dev.splunk.com/view/python-sdk/SP-CAAAEBB#namespaces
By default the API returns the saved searches present in current namespace. See this link http://dev.splunk.com/view/python-sdk/SP-CAAAEK2#listsaved the section "To list saved searches" will help you to retrieve what you need. You should create a separate service class.
for overview on namespaces read this. http://dev.splunk.com/view/python-sdk/SP-CAAAEBB#namespaces
Thanks @strive. That got me one step closer. I'm having permissions issues on my service account now. It doesn't have permission to access other user's saved searches.
I posted the question here: http://answers.splunk.com/answers/149067/permissions-issue-access-saved-searches